1. Can we issue a call to generate a pass ticket for an ACID that is not defined to the security file?
A passticket is used to signon an acid that his defined to security. So, the user must be defined to security.
2. Is there a way to modify the ACID used in the pass ticket generation process when a request is made to generate a pass ticket?
The RACF Callable Service r_gensec is used to generate a passticket. From the zOS V2R1 RACF Callable Services Guide (SA23-2293-00) page 217, which document the r_gensec callable service and it looks like you can specify the acid you wish to use. Here is a section of the doc:
Generate PassTicket(1): This function will generate a PassTicket for a specified
userid and application name.
The function-specific parameters are:
* Address of a word containing the subfunction code (input).
* Address of a String block containing an 8-byte pre-allocated area to return the
PassTicket (output). The string block length must be 8 or larger to indicate an
acceptable buffer has been provided.
* Address of a String block containing 1-8 byte userid (input).
* Address of a String block containing a 1-8 byte application name (input).